The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. Other vulnerabilities have also been addressed.
ddd1e7fc677c2b02d3351058bf31466aa231865f93abfb9cdfa1d1ca55622f8dMaxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Various other vulnerabilities were also addressed.
051e461652f3d7e1d5f1bd5ab2e8d9f2f9a398877fa90de84818f4955d1a2074Debian Linux Security Advisory 4941-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
9e4606f89d1986908d6e85cb89fbdb57f27c0579df76bf6f6ebb8845f2929900Red Hat Security Advisory 2021-2763-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3.
dd5bf4b47619cb7cf6a4d8e1c487c6dc69a9bf1975a74bdb6e734c3924fcf545It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
85ecff3443cabbbdfd95e276021ce53f9ded3558dc511597031bf1014cb24140Red Hat Security Advisory 2021-2736-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a use-after-free vulnerability.
1fa632f28d5e605ea0ec82cfb7ecd3c710ed64a96ecae4e68f689247c4013aa9Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. They successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other Linux distributions are certainly vulnerable, and probably exploitable. A basic proof of concept (a crasher) is attached to this advisory.
0c0b69962c7c4951fd574d5a8b85049490d77ada7568b05cfb4bce7ca40aa09aRed Hat Security Advisory 2021-2737-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a use-after-free vulnerability.
2e5b80333758444ee18869e9bb1536cdf3c1792d73a5b2e1de77d5239e912e20Red Hat Security Advisory 2021-2725-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.
839801d043758f7e24d6866c3d962cab1678aa56dbae96ccf9380109e7674816Red Hat Security Advisory 2021-2726-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
d6efc4fe2546e1493ba8e36a97c8fe29405d425bb301d46e0f650cdaf1e8942eRed Hat Security Advisory 2021-2728-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
d43770786054aac5b8cc61fbf199a0182de62f1b498cb7938b8816c513a0b04cRed Hat Security Advisory 2021-2729-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
bf7f86cf504a3fe0a68f264a3fc9d99b6cde2e998fa085b4a75c1857e5653d62Red Hat Security Advisory 2021-2716-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
d2b0e265f99beeeea554dd55591382009c12d9fd25667c86da3b52321a68846eRed Hat Security Advisory 2021-2720-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
4ed594fb576d3f8b864ea7e28b5b4e3fa88ef75b4717b44ff007afb33ec36a7bRed Hat Security Advisory 2021-2731-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
d6336d25ec6673afb2d64d9fbea17418ad1a3ad59cbaffd57c3a662c1bd5cf0cUbuntu Security Notice 5018-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code. Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4c1acb01997501488d94e4f295f9a8b096b13216c5f32c0bc98642127cd2ea8aUbuntu Security Notice 5017-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
2eeefb31a25b77fe7591b7712630bbf4e79e970217c6805c3eafc7c444d44c09Ubuntu Security Notice 5016-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code. Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
df70a721f7fb5de200a155149e97844791763fb3ad0f300b9d557dfe0afc8fd2Ubuntu Security Notice 5015-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
938c07de4b780e3bfb12805558bfd4d0031ce2064450b55479b032547a6502ecUbuntu Security Notice 5014-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code.
882accf7540cff2ee1cec3ed2d182536a3ac2fe3f2953cfe343075c9a2bbeb1dRed Hat Security Advisory 2021-2727-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
0044402a8af57531c5c661603d2f4345f464d35ba72ffc0fa6257a02e425c795Red Hat Security Advisory 2021-2714-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
23baa67510cfc5c168ec56f506752176e3272153219e21029be09872aa18a07aRed Hat Security Advisory 2021-2723-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
8e0a97b52d733962f5debacf494c658744d1438aff922ef0cee4503b8ba71a93Red Hat Security Advisory 2021-2718-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.
b5d2a86d6368571ef0d34128c40be52cab5354d30a4e4bbfcba727bd7eef99d6Red Hat Security Advisory 2021-2719-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include bypass and use-after-free vulnerabilities.
e26fe41b898fa5fb54eb09bbc4300aeb69f3300632f9ea6b618e57cc39619d3a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed